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DETAILED ACTION 

1 . This action is in response to the amendment filed 4/21/06. 

2. Claims 1-4 & 6-43 are pending. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

4. Claims 1-4 and 7-8 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Hartel, et al., (Hartel), "The operational semantics of a Java Secure Processor", 
1/16/1998 (art made of record). 

As per claim 1 , Hartel discloses a method for securely installing an applet on 
a computer system having a data storage and a secure processor (p. 1 :20-21 , 
"software (i.e. applets) that has to be (installed and) run on a smart card processor (i.e. 
a secure processor)", and p. 4:35-36, "The JSP (i.e. secure processor) uses a number 
of areas of storage for data, code and bookkeeping"), comprising: 

- receiving an applet in the data storage (p. 4:35-36, "The JSP (i.e. secure 
processor) uses a number of areas of storage for data, code and bookkeeping"). 
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- determining from at least a portion of the applet whether the applet is 
capable of being executed by the secure processor (p. 2:27-28, "{{he applet is) 
digitally signed so that tampering can be detected when code is being loaded (i.e. if it is 
determined from the signature that the applet has been tampered with, the applet is 
deemed incapable of being executed by the secure processor)"), 

- wherein the portion of the applet includes at least one of a security meta- 
data portion, a resource meta-data portion, and a meta-data signature portion (p. 
2:27-28, "(the applet is) digitally signed (i.e. a meta-data signature portion) so that 
tampering can be detected when code is being loaded"), 

- installing the applet on the secure processor if the secure processor is 
capable of executing the applet (p. 2:27-28, "(the applet is) digitally signed so that 
tampering can be detected when code is being loaded (i.e. if it is determined from the 
signature that the applet has been tampered with, the applet is deemed incapable of 
being executed by the secure processor; otherwise, the applet is installed on the secure 
processor)"). 

As per claim 2, the rejection of claim 1 is incorporated and further, Hartel 
discloses that the applet is stored in a non-secure storage (p. 4:35-36, "The JSP (i.e. 
secure processor) uses a number of areas of storage for data (i.e. secure and non- 
secure storage), code and bookkeeping"). 
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As per claim 3, the rejection of claim 2 is incorporated and further, Hartel 
discloses that the applet further comprises a meta-data portion and an executable 
portion (p. 2:27-28, "(the applet is) digitally signed (i.e. a meta-data portion) so that 
tampering can be detected when code is being loaded", and an applet contains an 
executable portion). 

As per claim 4, the rejection of claim 3 is incorporated and further, Hartel 
discloses that the applet further comprises a certificate portion (p. 2:27-28, "(the 
applet is) digitally signed (i.e. a certificate) so that tampering can be detected when 
code is being loaded"). 

As per claim 7, the rejection of claim 5 is incorporated and further, Hartel 
discloses that the step of determining whether the applet is capable of being 
executed by the secure processor further comprises loading the meta-data 
portion of the applet into a secure storage area in the secure processor (p. 4:35- 
36, "The JSP (i.e. secure processor) uses a number of areas of storage (i.e. secure and 
non-secure) for data, code and bookkeeping"). 

As per claim 8, the rejection of claim 7 is incorporated and further, Hartel 
discloses that the step of determining whether the applet is capable of being 
executed by the secure processor further comprises cryptographically verifying 
the security meta-data portion and the resource meta-data portion of the meta- 
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data portion of the applet against the signature portion of the meta-data portion of 
the applet (p. 2:21-22 "provide facilities such as ownership control and 
cryptographically protected modes of use"). 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner In which the invention was made. 

6. Claims 9-11, 13-21 and 33-36 are rejected under 35 U.S.C. 103(a) as being 
obvious over Hartel, et al., (Hartel), "The operational semantics of a Java Secure 
Processor", 1/16/1998, in view of Shear etal. (Shear), U.S. Patent No. 6,157,721. 

As per claim 9, the rejection of claim 7 is incorporated and further, Hartel doesn't 
explicitly disclose that the step of determining whether the applet is capable of 
being executed by the secure processor further comprises verifying that a secure 
processor security requirement of the security meta-data portion of the applet is 
met or exceeded by a secure processor security rating of the secure processor. 

However, Shear, in an analogous environment, discloses that the step of 
determining whether the applet is capable of being executed by the secure 
processor further comprises verifying that a secure processor security 
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requirement of the security meta-data portion of the applet is met or exceeded by 
a secure processor security rating of the secure processor (col. 22:27-40, 
"preventing protected processing environments (i.e. secure processor) having different 
security level classifications (i.e. secure processor security rating) from executing the 
same load module (i.e. applet)"). 

Therefore, it would have been obvious to a person of ordinary skill in the art, at 
the time the invention was made, to incorporate the teachings of Shear into the system 
of Hartel to have the step of determining whether the applet is capable of being 
executed by the secure processor further comprise verifying that a secure 
processor security requirement of the security meta-data portion of the applet is 
met or exceeded by a secure processor security rating of the secure processor. 
The modification would have been obvious because one of ordinary skill in the art would 
have wanted to load the appropriate applet for the specified computer system, based on 
all of the requirements of the applet program, so that the applet/system combination will 
execute properly. 

As per claim 10, the rejection of claim 9 is incorporated and further, Hartel 
doesn't explicitly disclose that the step of determining whether the applet is capable of 
being executed by the secure processor further comprises: 

- determining that the secure processor security requirement of the 
security meta-data portion of the applet is not met or exceeded by a secure 
processor security rating of the secure processor. 
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- suggesting the use of a second applet that may have a second secure 
processor security requirement that is met or exceeded by the secure processor 
security rating of the secure processor . 

However, Shear, in an analogous environment, discloses that the step of 
determining whether the applet is capable of being executed by the secure processor 
further comprises: 

- determining that the secure processor security requirement of the 
security meta-data portion of the applet is not met or exceeded by a secure 
processor security rating of the secure processor (col. 22:27-40, "preventing 
protected processing environments (i.e. secure processor) having different security level 
classifications (i.e. secure processor security rating) from executing the same load 
module (i.e. applet)"), 

- suggesting the use of a second applet that may have a second secure 
processor security requirement that is met or exceeded by the secure processor 
security rating of the secure processor (col. 22:27-40, "preventing protected 
processing environments (i.e. secure processor) having different security level 
classifications (i.e. secure processor security rating) from executing the same load 
module (i.e. applet)"). 

Therefore, it would have been obvious to a person of ordinary skill in the art, at 
the time the invention was made, to incorporate the teachings of Shear into the system 
of Hartel to have the step of determining whether the applet is capable of being 
executed by the secure processor further comprises: 
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- determining that the secure processor security requirement of the 
security meta-data portion of the applet is not met or exceeded by a secure 
processor security rating of the secure, 

- suggesting the use of a second applet that may have a second secure 
processor security requirement that is met or exceeded by the secure processor 
security rating of the secure processor. 

The modification would have been obvious because one of ordinary skill in the 
art would have wanted to load the appropriate applet for the specified computer system, 
based on all of the requirements of the applet program, so that the applet/system 
combination will execute properly. 

As per claims 11 & 13, the Hartel/Shear system also discloses such claimed 
limitations as addressed in claim 9 & 10, above. 

As per claim 14, the rejection of claim 3 is incorporated and further, Hartel 
discloses: an encrypted executable and an unencrypted signature (p. 2:21-22 
"provide facilities such as ownership control and cryptographically protected modes of 
use"). 

As per claim 15, the rejection of claim 14 is incorporated and further, Hartel 
discloses that the step of installing the applet on the secure processor further 
comprises storing the executable portion of the applet in the secure storage area 
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(p. 4:35-36, "The JSP (i.e. secure processor) uses a number of areas of storage (i.e. 
secure and unsecured) for data, code and bookkeeping"). 

As per claim 16, the rejection of claim 15 is incorporated and further, Hartel 
discloses that the step of installing the applet on the secure processor further comprises 
requesting a decryption Icey for the encrypted executable portion of the applet; 
receiving the decryption key; and decrypting the encrypted executable portion 
into an unencrypted executable portion using the decryption key (p. 2:21-22 
"provide facilities such as ownership control and cryptographically protected modes of 
use"). 

As per claim 17, the rejection of claim 16 is incorporated and further, Hartel 
discloses that the step of installing the applet on the secure processor further 
comprises verifying the unencrypted executable portion against the unencrypted 
executable signature (p. 2:21-22 "provide facilities such as ownership control and 
cryptographically protected modes of use"). 

As per claim 18, the rejection of claim 16 is incorporated and further, Hartel 
discloses that the step of installing the applet on the secure processor further 
comprises verifying the executable portion prepended with an applet serial 
number, against the unencrypted executable signature (p. 2:21-22 "provide facilities 
such as ownership control and cryptographically protected modes of use", and p. 5:17- 
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18, "gathers the bytecode and the method headers (containing the applet serial number) 
for the methods of all application programs (i.e. applets) in the system"). 

As per claim 19, the rejection of claim 17 is incorporated and further, Hartel 
discloses that the step of installing the applet on the secure processor further comprises 
binding the unencrypted executable portion to the secure processor (p. 2:21-22 
"provide facilities such as ownership control and cryptographically protected modes of 
use"). 

As per claim 20, the rejection of claim 17 is incorporated and further, Hartel 
discloses that the step of installing the applet on the secure processor further 
comprises: 

- encrypting the unencrypted executable portion to an encrypted 
executable (p. 2:21-22 "provide facilities such as ownership control and 
cryptographically protected modes of use"), 

- storing the encrypted executable in the non-secure storage (p. 4:3, "an 
(non-secure) area of memory"), 

- storing the encrypted executable's decryption key in the secure storage 
area (p. 2:21-22 "provide facilities such as ownership control and cryptographically 
protected modes of use"). 
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As per claim 21, the rejection of claim 1 is incorporated and further, Hartel 
discloses that the computer system further comprises a non-secure processor (p. 

2:3, "a JVM"). 

As per claims 33-36, this is a system version of the claimed method discussed 
above, in claims 3-4, wherein all claimed limitations have also been addressed and/or 
cited as set forth above. For example, see the Hartel/Shear system, e.g. Hartel p. 1:20- 
6:40 and Shear col. 5:1-5 and 22:27-40. 

7. Claims 6, 12, 22-32 and 37-43 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Hartel, et al., (Hartel), "The operational semantics of a Java Secure 
Processor", 1/16/1998, in view of Shear et al, (Shear), U.S. Patent No. 6,157,721, 
further in view of Moore et al. (Moore), U.S. Patent No. 5,696,975. 

As per claim 6, the rejection of claim 5 is incorporated and further, the 
Hartel/Shear system doesn't explicitly disclose that the resource meta-data portion is 
adapted to designate resources comprising at least one of: a biometric sensor; a 
secure output; a keyboard; a personal identification number entry device; a 
global positioning system input; a magnetic stripe card reader; a secure storage 
area; a performance metrics, an algorithm implementing specific cryptographic 
algorithms; and at least one smart card slot. 
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However, Moore, in an analogous environment, discloses that the resource 
meta-data portion is adapted to designate resources comprising at least one of: a 
biometric sensor; a secure output (p. 3 col. L:30-31, "Secure Sockets Layer (SSL) 
technology"); a keyboard; a personal identification number entry device; a global 
positioning system input; a magnetic stripe card reader; a secure storage area; a 
performance metrics, an algorithm implementing specific cryptographic 
algorithms; and at least one smart card slot (col. 1:29-45, "The steps in launching an 
application, i.e., installation, configuration, and execution ... requiring the computer 
system to be configured or reconfigured with the specific requirements of the application 
in mind. For example, some applications require the use of an expanded memory 
manager while others will operate only if no expanded memory is allocated (i.e. memory 
and performance metrics)", and col. 8:5-20, "The initialization file is then scanned 462 
the first time to determine the total memory requirements for the application. If the 
amount required exceeds the amount available 464, an error message is displayed 466 
to the user"). 

Therefore, it would have been obvious to a person of ordinary skill in the art, at 
the time the invention was made, to incorporate the teachings of Moore into the 
Hartel/Shear system in order to have a the resources designated, comprise at least one 
of : a biometric sensor; a secure output; a keyboard; a personal identification 
number entry device; a global positioning system input; a magnetic stripe card 
reader; a secure storage area; a performance metrics, an algorithm implementing 
specific cryptographic algorithms; and at least one smart card slot. The 



Application/Control Number: 09/855,898 Page 13 

Art Unit: 2192 

modification would have been obvious because one of ordinary skill in the art would 
have wanted verify that the appropriate requirements are available on the computer 
system in order to load the appropriate applet for the computer system, so that the 
applet/system combination will execute properly. 

As per claim 12, the rejection of claim 7 is incorporated and further, the 
Hartel/Shear system doesn't explicitly disclose that the step of determining whether 
the applet is capable of being executed by the secure processor further 
comprises verifying that the secure processor is capable of supplying resources 
designated in the resource meta-data portion of the meta-data portion of the 
applet. 

However, Moore, in an analogous environment, discloses that the step of 
determining whether the applet is capable of being executed by the secure 
processor further comprises verifying that the secure processor is capable of 
supplying resources designated in the resource meta-data portion of the meta- 
data portion of the applet (col. 1:29-45, "The steps in launching an application, i.e., 
installation, configuration, and execution ... requiring the computer system to be 
configured or reconfigured with the specific requirements of the application in mind. For 
example, some applications require the use of an expanded memory manager while 
others will operate only if no expanded memory is allocated (i.e. resources)", and col. 
8:5-20, "The initialization file is then scanned 462 the first time to determine the total 
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memory requirements for the application. If the amount required exceeds the amount 
available 464, an error message is displayed 466 to the user"). 

Therefore, it would have been obvious to a person of ordinary skill in the art, at 
the time the invention was made, to incorporate the teachings of Moore into the 
Hartel/Shear system to have the step of determining whether the applet is capable 
of being executed by the secure processor further comprises verifying that the 
secure processor is capable of supplying resources designated in the resource 
meta-data portion of the meta-data portion of the applet The modification would 
have been obvious because one of ordinary skill in the art would have wanted to load 
the appropriate applet for the specified computer system, based on all of the 
requirements of the applet program, so that the applet/system combination will execute 
properly. 

As per claims 22-29, this is another method version of the claimed method 
discussed above, in claims 1, 2, 8-16, 20 and 24, wherein all claimed limitations have 
also been addressed and/or cited as set forth above. For example, see the 
Hartel/Shear/Moore system, (Hartel p. 1:20-6:40, Shear col. 5:1-5 and 22:27-40 and 
Moore col. 1:29-8:20). 

As per claims 30-32, this is another method version of the claimed method 
discussed above, in claims 1, 8, 10-16, 20 and 24, wherein all claimed limitations have 
also been addressed and/or cited as set forth above. For example, see the 
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Hartel/Shear/Moore system, (Hartel p. 1:20-6:40, Shear col. 5:1-5 and 22:27-40 and 
Moore col. 1 :29-8:20). 

As per claims 37-40, this is a system version of the claimed method discussed 
above, in claims 1, 2, 8-16, 20, 22 and 24, wherein all claimed limitations have also 
been addressed and/or cited as set forth above. For example, see the 
Hartel/Shear/Moore system. (Hartel p. 1:20-6:40, Shear col. 5:1-5 and 22:27-40 and 
Moore col. 1:29-8:20). 

As per claim 41, the rejection of claim 38 is incorporated and further, Hartel 
discloses that the resource meta-data portion comprises an applet serial number 

(p. 5:17-18, "gathers the bytecode and the method headers (containing the applet serial 
number) for the methods of all application programs (i.e. applets) in the system"). 

As per claims 42 and 43, this is a product version of the claimed method 
discussed above, in claim 8, wherein all claimed limitations have also been addressed 
and/or cited as set forth above. For example, see the Hartel/Shear/Moore system 
(Hartel p. 1:20-6:40, Sheared. 5:1-5 and 22:27-40 and Moore col. 1:29-8:20). 

Response to Arguments 

8. Applicant's arguments with respect to claims 1-43 have been considered but are 
moot in view of the new ground(s) of rejection. 
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Conclusion 



9. Any inquiry concerning this communication or earlier communications from tlie 
examiner should be directed to Andre R. Fowlkes whose telephone number is (571) 
272-3697. The examiner can normally be reached on Monday - Friday, 8:00am- 
4:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Tuan Q. Dam can be reached on (571)272-3695. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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